How can I deny access to the internet through a SonicWall by MAC address

I have a SonicWall TZ170 with enhanced firmware.
We have several machines that never need to access the internet, and so we want to restrict that access by MAC address.
Where in the Administration menu do I set this restriction?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


the easiest way to restrict web access to internal PCs, is to assign them a static IP address through your DHCP server - whether that be an actual server or your TZ 170 firewall.  once you've assigned the static IPs, you can then create an access rule on the TZ 170 restricting HTTP and HTTPS traffic for those specific IPs.

i'm quite familiar with the SonicWALL series firewalls, backup devices and email security devices.  feel free to let me know if you need more info.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
the other option would be to have users authenticate to the firewall to get outside access.
GrizzlerAuthor Commented:
NeoPumpkin gave me what I needed.
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

glad to hear that, Grizzler.

Thanks in advance for the points.  Have a good one.


Please hit the "accept answer" button on my post, which awards me some points for helping out and closes the question.  Thanks!

GrizzlerAuthor Commented:

I just did this. Thanks for the help.
Navigation through this site and correct use of it is something I'm still learning.
If I offend with my lack of protocol knowledge, please let me know.
It's my goal to become a contributing member of this forum, and not just one asking questions.

We all start from square 1, my friend.  Welcome to the EE community!  

I find it quite enjoyable being a contributing member here on the forums.  It's a great way to share information in this ever-so-quickly changing age of digital life.  If you have the time to contribute, I would highly encourage it, as it's also a way of honing your own skills.

GrizzlerAuthor Commented:
Hi Jim,

Thanks for the welcome, the kind words, and the help you've given me. I've been a part of the DP or IT community since the days of punched cards and single user mainframes. It's been a wild ride, but even more so since Ethernet and the internet. Now, each time you turn around, something(s) has changed.
Along the way I've picked up a good deal of information, and will be looking for a way to share some of that when I can.

Thanks again, JIm, and a have a Happy Thanksgiving holiday.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.